--- /dev/null
+--- ebtables2.orig/extensions/ebt_AUDIT.c 1970-01-01 01:00:00.000000000 +0100
++++ ebtables2.orig/extensions/ebt_AUDIT.c 2011-01-07 10:53:46.680329228 +0100
+@@ -0,0 +1,110 @@
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <getopt.h>
++#include "../include/ebtables_u.h"
++#include <linux/netfilter/xt_AUDIT.h>
++
++#define AUDIT_TYPE '1'
++static struct option opts[] =
++{
++ { "audit-type" , required_argument, 0, AUDIT_TYPE },
++ { 0 }
++};
++
++static void print_help()
++{
++ printf(
++ "AUDIT target options:\n"
++ " --audit-type TYPE : Set action type to record.\n");
++}
++
++static void init(struct ebt_entry_target *target)
++{
++ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) target->data;
++
++ info->type = 0;
++}
++
++static int parse(int c, char **argv, int argc,
++ const struct ebt_u_entry *entry, unsigned int *flags,
++ struct ebt_entry_target **target)
++{
++ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) (*target)->data;
++
++ switch (c) {
++ case AUDIT_TYPE:
++ ebt_check_option2(flags, AUDIT_TYPE);
++
++ if (!strcasecmp(optarg, "accept"))
++ info->type = XT_AUDIT_TYPE_ACCEPT;
++ else if (!strcasecmp(optarg, "drop"))
++ info->type = XT_AUDIT_TYPE_DROP;
++ else if (!strcasecmp(optarg, "reject"))
++ info->type = XT_AUDIT_TYPE_REJECT;
++ else
++ ebt_print_error2("Bad action type value `%s'", optarg);
++
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++static void final_check(const struct ebt_u_entry *entry,
++ const struct ebt_entry_match *match, const char *name,
++ unsigned int hookmask, unsigned int time)
++{
++}
++
++static void print(const struct ebt_u_entry *entry,
++ const struct ebt_entry_target *target)
++{
++ const struct xt_AUDIT_info *info =
++ (const struct xt_AUDIT_info *) target->data;
++
++ printf("--audit-type ");
++
++ switch(info->type) {
++ case XT_AUDIT_TYPE_ACCEPT:
++ printf("accept");
++ break;
++ case XT_AUDIT_TYPE_DROP:
++ printf("drop");
++ break;
++ case XT_AUDIT_TYPE_REJECT:
++ printf("reject");
++ break;
++ }
++}
++
++static int compare(const struct ebt_entry_target *t1,
++ const struct ebt_entry_target *t2)
++{
++ const struct xt_AUDIT_info *info1 =
++ (const struct xt_AUDIT_info *) t1->data;
++ const struct xt_AUDIT_info *info2 =
++ (const struct xt_AUDIT_info *) t2->data;
++
++ return info1->type == info2->type;
++}
++
++static struct ebt_u_target AUDIT_target =
++{
++ .name = "AUDIT",
++ .size = sizeof(struct xt_AUDIT_info),
++ .help = print_help,
++ .init = init,
++ .parse = parse,
++ .final_check = final_check,
++ .print = print,
++ .compare = compare,
++ .extra_ops = opts,
++};
++
++void _init(void)
++{
++ ebt_register_target(&AUDIT_target);
++}
+--- ebtables2.orig/extensions/Makefile 2011-01-07 10:55:28.077246240 +0100
++++ ebtables2.orig/extensions/Makefile 2011-01-07 10:53:46.686329230 +0100
+@@ -1,7 +1,7 @@
+ #! /usr/bin/make
+
+ EXT_FUNC+=802_3 nat arp arpreply ip ip6 standard log redirect vlan mark_m mark \
+- pkttype stp among limit ulog nflog
++ pkttype stp among limit ulog nflog AUDIT
+ EXT_TABLES+=filter nat broute
+ EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o)
+ EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o)
+--- a/include/linux/netfilter/xt_AUDIT.h
++++ a/include/linux/netfilter/xt_AUDIT.h
+@@ -0,0 +1,30 @@
++/*
++ * Header file for iptables xt_AUDIT target
++ *
++ * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
++ * (C) 2010-2011 Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation.
++ */
++
++#ifndef _XT_AUDIT_TARGET_H
++#define _XT_AUDIT_TARGET_H
++
++#include <linux/types.h>
++
++enum {
++ XT_AUDIT_TYPE_ACCEPT = 0,
++ XT_AUDIT_TYPE_DROP,
++ XT_AUDIT_TYPE_REJECT,
++ __XT_AUDIT_TYPE_MAX,
++};
++
++#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)
++
++struct xt_AUDIT_info {
++ __u8 type; /* XT_AUDIT_TYPE_* */
++};
++
++#endif /* _XT_AUDIT_TARGET_H */
--- /dev/null
+# Save (and possibly restore) in text format.
+# Value: yes|no, default: yes
+# Save the firewall rules in text format to /etc/sysconfig/ebtables
+# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules
+# is done using this text format.
+EBTABLES_TEXT_FORMAT="yes"
+
+# Save (and restore) in binary format.
+# Value: yes|no, default: yes
+# Save (and restore) the firewall rules in binary format to (and from)
+# /etc/sysconfig/ebtables.<chain>. Enabling this option will make
+# firewall initialisation a lot faster.
+EBTABLES_BINARY_FORMAT="yes"
+
+# Unload modules on restart and stop
+# Value: yes|no, default: yes
+# This option has to be 'yes' to get to a sane state for a firewall
+# restart or stop. Only set to 'no' if there are problems unloading netfilter
+# modules.
+EBTABLES_MODULES_UNLOAD="no"
+
+# Save current firewall rules on stop.
+# Value: yes|no, default: no
+# Saves all firewall rules if firewall gets stopped
+# (e.g. on system shutdown).
+EBTABLES_SAVE_ON_STOP="no"
+
+# Save current firewall rules on restart.
+# Value: yes|no, default: no
+# Saves all firewall rules if firewall gets restarted.
+EBTABLES_SAVE_ON_RESTART="no"
+
+# Save (and restore) rule counters.
+# Value: yes|no, default: no
+# Save rule counters when saving a kernel table to a file. If the
+# rule counters were saved, they will be restored when restoring the table.
+EBTABLES_SAVE_COUNTER="no"
--- /dev/null
+diff -up ebtables-v2.0.10-4/extensions/Makefile.linkfix ebtables-v2.0.10-4/extensions/Makefile
+--- ebtables-v2.0.10-4/extensions/Makefile.linkfix 2011-12-15 15:02:47.000000000 -0500
++++ ebtables-v2.0.10-4/extensions/Makefile 2012-04-05 15:52:09.563511746 -0400
+@@ -9,9 +9,10 @@ EXT_LIBS+=$(foreach T,$(EXT_FUNC), exten
+ EXT_LIBS+=$(foreach T,$(EXT_TABLES), extensions/libebtable_$(T).so)
+ EXT_LIBSI+=$(foreach T,$(EXT_FUNC), -lebt_$(T))
+ EXT_LIBSI+=$(foreach T,$(EXT_TABLES), -lebtable_$(T))
++EXT_LDFLAGS+=-L. -lebtc
+
+-extensions/ebt_%.so: extensions/ebt_%.o
+- $(CC) $(LDFLAGS) -shared -o $@ -lc $< -nostartfiles
++extensions/ebt_%.so: extensions/ebt_%.o libebtc.so
++ $(CC) $(LDFLAGS) $(EXT_LDFLAGS) -shared -o $@ -lc $< -nostartfiles
+
+ extensions/libebt_%.so: extensions/ebt_%.so
+ mv $< $@
--- /dev/null
+diff -up ebtables-v2.0.10-1/Makefile.orig ebtables-v2.0.10-1/Makefile
+--- ebtables-v2.0.10-1/Makefile.orig 2011-07-10 05:28:52.000000000 -0400
++++ ebtables-v2.0.10-1/Makefile 2011-07-11 10:45:00.323426448 -0400
+@@ -157,31 +157,31 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/
+ scripts: ebtables-save ebtables.sysv ebtables-config
+ cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_
+ mkdir -p $(DESTDIR)$(BINDIR)
+- install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
++ install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
+ cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_
+ if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi
+- if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
++ if test -d $(DESTDIR)$(INITDIR); then install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
+ cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_
+ if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(SYSCONFIGDIR); fi
+- if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
++ if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
+ rm -f ebtables-save_ ebtables.sysv_ ebtables-config_
+
+ tmp4:=$(shell printf $(LOCKFILE) | sed 's/\//\\\//g')
+ $(MANDIR)/man8/ebtables.8: ebtables.8
+ mkdir -p $(DESTDIR)$(@D)
+ sed -e 's/$$(VERSION)/$(PROGVERSION)/' -e 's/$$(DATE)/$(PROGDATE)/' -e 's/$$(LOCKFILE)/$(tmp4)/' ebtables.8 > ebtables.8_
+- install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@
++ install -m 0644 ebtables.8_ $(DESTDIR)$@
+ rm -f ebtables.8_
+
+ $(DESTDIR)$(ETHERTYPESFILE): ethertypes
+ mkdir -p $(@D)
+- install -m 0644 -o root -g root $< $@
++ install -m 0644 $< $@
+
+ .PHONY: exec
+ exec: ebtables ebtables-restore
+ mkdir -p $(DESTDIR)$(BINDIR)
+- install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
+- install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
++ install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
++ install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
+
+ .PHONY: install
+ install: $(MANDIR)/man8/ebtables.8 $(DESTDIR)$(ETHERTYPESFILE) exec scripts
+@@ -205,18 +205,18 @@ release:
+ rm -f extensions/ebt_inat.c
+ rm -rf $(CVSDIRS)
+ mkdir -p include/linux/netfilter_bridge
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ $(KERNEL_INCLUDES)/linux/netfilter_bridge.h include/linux/
+ # To keep possible compile error complaints about undefined ETH_P_8021Q
+ # off my back
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ $(KERNEL_INCLUDES)/linux/if_ether.h include/linux/
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ $(KERNEL_INCLUDES)/linux/types.h include/linux/
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ $(KERNEL_INCLUDES)/linux/netfilter_bridge/*.h \
+ include/linux/netfilter_bridge/
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ include/ebtables.h include/linux/netfilter_bridge/
+ make clean
+ touch *
--- /dev/null
+#!/bin/sh
+#
+# init script for the Ethernet Bridge filter tables
+#
+# chkconfig: - 15 85
+# description: Ethernet Bridge filtering tables
+#
+# config: /etc/sysconfig/ebtables (text)
+# /etc/sysconfig/ebtables.<table> (binary)
+
+EBTABLES_CONFIG=/etc/sysconfig/ebtables
+if [ ! -f $EBTABLES_CONFIG ]; then
+ case "$1" in
+ start|restart|force-reload)
+ exit 0
+ ;;
+ esac
+fi
+
+# Source 'em up
+. /etc/rc.d/init.d/functions
+
+#default configuration
+EBTABLES_TEXT_FORMAT="yes"
+EBTABLES_BINARY_FORMAT="yes"
+EBTABLES_SAVE_ON_STOP="no"
+EBTABLES_SAVE_ON_RESTART="no"
+EBTABLES_SAVE_COUNTER="no"
+[ -f /etc/sysconfig/ebtables-config ] && . /etc/sysconfig/ebtables-config
+
+start() {
+ # don't do squat if we don't have the config file
+ if [ -f $EBTABLES_CONFIG ]; then
+ show "Starting Ethernet bridge filtering (ebtables)"
+ if is_yes "$EBTABLES_BINARY_FORMAT"; then
+ for table in $(ls /etc/sysconfig/ebtables.* 2>/dev/null | sed -e 's/.*ebtables\.//' -e '/save/d' ); do
+ /usr/sbin/ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table --atomic-commit || RETVAL=1
+ done
+ else
+ /usr/sbin/ebtables-restore < /etc/sysconfig/ebtables || RETVAL=1
+ fi
+
+ if [ $RETVAL -eq 0 ]; then
+ ok
+ touch /var/lock/subsys/ebtables
+ else
+ fail
+ fi
+ fi
+}
+
+stop() {
+ show "Stopping Ethernet bridge filtering (ebtables)"
+ for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do
+ /usr/sbin/ebtables -t $table --init-table || RETVAL=1
+ done
+
+ if [ $RETVAL -eq 0 ]; then
+ ok
+ rm -f /var/lock/subsys/ebtables
+ else
+ fail
+ fi
+}
+
+restart() {
+ stop
+ start
+}
+
+save() {
+ show "Saving Ethernet bridge filtering (ebtables)"
+ if is_yes "$EBTABLES_TEXT_FORMAT"; then
+ if [ -e /etc/sysconfig/ebtables ]; then
+ chmod 0600 /etc/sysconfig/ebtables
+ mv -f /etc/sysconfig/ebtables /etc/sysconfig/ebtables.save
+ fi
+ /usr/sbin/ebtables-save > /etc/sysconfig/ebtables || RETVAL=1
+ fi
+ if is_yes "$EBTABLES_BINARY_FORMAT"; then
+ rm -f /etc/sysconfig/ebtables.*.save
+ for oldtable in $(ls /etc/sysconfif/ebtables.* 2>/dev/null | grep -vF 'ebtables.save'); do
+ chmod 0600 $oldtable
+ mv -f $oldtable $oldtable.save
+ done
+ for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do
+ /usr/sbin/ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table --atomic-save || RETVAL=1
+ if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
+ /usr/sbin/ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table -Z || RETVAL=1
+ fi
+ done
+ fi
+
+ if [ $RETVAL -eq 0 ]; then
+ ok
+ else
+ fail
+ fi
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ is_yes "$EBTABLES_SAVE_ON_STOP" && save
+ stop
+ ;;
+ restart|reload)
+ is_yes "$EBTABLES_SAVE_ON_RESTART" && save
+ restart
+ ;;
+ condrestart)
+ [ -e /var/lock/subsys/ebtables ] && restart
+ RETVAL=$?
+ ;;
+ save)
+ save
+ ;;
+ status)
+ for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do
+ /usr/sbin/ebtables -t $table --list
+ done
+ ;;
+ *)
+ echo $"Usage $0 {start|stop|restart|condrestart|save|status}"
+ RETVAL=1
+esac
+
+exit $RETVAL
-#
# TODO:
-# - initscripts stuff - move save/restore dumps to /etc/sysconfig & more
# - review llh patch
#
-%define _pre 4
-%define _rel 1
+%define ver 2.0.10
+%define vermin 4
Summary: Ethernet Bridge Tables
Summary(pl.UTF-8): Ethernet Bridge Tables - filtrowanie i translacja adresów dla Ethernetu
Name: ebtables
-Version: 2.0.10
-Release: %{_pre}.%{_rel}
+Version: %{ver}.%{vermin}
+Release: 1
License: GPL
Group: Networking/Daemons
-Source0: http://downloads.sourceforge.net/ebtables/%{name}-v%{version}-%{_pre}.tar.gz
+Source0: http://downloads.sourceforge.net/ebtables/%{name}-v%{ver}-%{vermin}.tar.gz
# Source0-md5: 506742a3d44b9925955425a659c1a8d0
+Source1: %{name}.init
+Source2: %{name}-config
+Patch0: ebtables-audit.patch
+Patch1: ebtables-linkfix.patch
+Patch2: ebtables-norootinst.patch
URL: http://ebtables.sourceforge.net/
BuildRequires: rpmbuild(macros) >= 1.268
Requires(post,preun): /sbin/chkconfig
standardowych jąder Linuksa w wersjach 2.5.x i nowszych.
%prep
-%setup -q -n %{name}-v%{version}-%{_pre}
+%setup -q -n %{name}-v%{ver}-%{vermin}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
%build
%{__make} \
+ CC="%{__cc}" \
CFLAGS="%{rpmcflags}" \
- CC="%{__cc}"
+ LIBDIR="%{_libdir}/ebtables" \
+ BINDIR="%{_sbindir}" \
+ MANDIR="%{_mandir}"
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{/etc/sysconfig,/etc/rc.d/init.d,%{_sysconfdir},%{_sbindir},%{_libdir},%{_mandir}/man8}
+install -d $RPM_BUILD_ROOT{/etc/sysconfig,/etc/rc.d/init.d,%{_sysconfdir}} \
+ $RPM_BUILD_ROOT{%{_sbindir},%{_libdir}/ebtables,%{_mandir}/man8}
install ebtables{,-restore} $RPM_BUILD_ROOT%{_sbindir}
install ethertypes $RPM_BUILD_ROOT%{_sysconfdir}
install ebtables.8 $RPM_BUILD_ROOT%{_mandir}/man8
-install extensions/*.so *.so $RPM_BUILD_ROOT%{_libdir}
+install extensions/*.so *.so $RPM_BUILD_ROOT%{_libdir}/ebtables
+install ebtables-save $RPM_BUILD_ROOT%{_sbindir}
+%{__sed} -i -e "s|__EXEC_PATH__|%{_sbindir}|g" $RPM_BUILD_ROOT%{_sbindir}/ebtables-save
-export __iets=`printf %{_sbindir} | sed 's/\\//\\\\\\//g'`
-export __iets2=`printf %{_mysysconfdir} | sed 's/\\//\\\\\\//g'`
-sed -i "s/__EXEC_PATH__/$__iets/g" ebtables-save
-install ebtables-save $RPM_BUILD_ROOT%{_sbindir}
-sed -i "s/__EXEC_PATH__/$__iets/g" ebtables.sysv; sed -i "s/__SYSCONFIG__/$__iets2/g" ebtables.sysv
-install ebtables.sysv $RPM_BUILD_ROOT/etc/rc.d/init.d/ebtables
-sed -i "s/__SYSCONFIG__/$__iets2/g" ebtables-config
-install ebtables-config $RPM_BUILD_ROOT/etc/sysconfig
+install %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/ebtables
+install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/ebtables-config
%clean
rm -rf $RPM_BUILD_ROOT
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/ebtables-config
%attr(754,root,root) /etc/rc.d/init.d/ebtables
%attr(755,root,root) %{_sbindir}/ebtables*
-%attr(755,root,root) %{_libdir}/libebt*.so
+%attr(755,root,root) %{_libdir}/ebtables/libebt*.so
%{_mandir}/man8/ebtables.8*
projects / packages / ebtables.git / commitdiff